[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/2] gnu: openjpeg-2.*: Fix CVE-2016-7163.
|
From: |
Ludovic Courtès |
|
Subject: |
Re: [PATCH 1/2] gnu: openjpeg-2.*: Fix CVE-2016-7163. |
|
Date: |
Sat, 10 Sep 2016 00:29:41 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> On Fri, Sep 09, 2016 at 10:15:58AM +0300, Efraim Flashner wrote:
>> On Fri, Sep 09, 2016 at 02:04:40AM -0400, Leo Famulari wrote:
>> > diff --git a/gnu/packages/patches/openjpeg-CVE-2016-7163.patch
>> > b/gnu/packages/patches/openjpeg-CVE-2016-7163.patch
> [...]
>
>> Was from here down put/left here intentionally? It looks out of place
>>
>> > +From c16bc057ba3f125051c9966cf1f5b68a05681de4 Mon Sep 17 00:00:00 2001
>> > +From: trylab <address@hidden>
>> > +Date: Tue, 6 Sep 2016 13:55:49 +0800
>> > +Subject: [PATCH] Fix an integer overflow issue (#809)
>> > +
>> > --
>> > 2.10.0
>
> You're right. I had concatenated the two commits out of order, and I
> accidentally left this header at the bottom when moving the original
> bugfix above the follow-up commit.
>
> Thank you for catching this.
>
> I've attached an updated patch.
>
> From 040531530913dbf26ce42ad27e1914f4d1683bd3 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <address@hidden>
> Date: Fri, 9 Sep 2016 01:48:50 -0400
> Subject: [PATCH] gnu: openjpeg-2.*: Fix CVE-2016-7163.
>
> * gnu/packages/patches/openjpeg-CVE-2016-7163.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (openjpeg, openjpeg-2.0): Use it.
Go for it. Thank you!
Ludo’.
- [PATCH 0/2] OpenJPEG security fixes (CVE-2016-{5157,7163}), Leo Famulari, 2016/09/09
- [PATCH 2/2] gnu: openjpeg-2.*: Fix CVE-2016-5157., Leo Famulari, 2016/09/09
- Re: [PATCH 0/2] OpenJPEG security fixes (CVE-2016-{5157,7163}), Efraim Flashner, 2016/09/09
- v2: OpenJPEG security fixes (CVE-2016-{5157,7163}), Leo Famulari, 2016/09/09